lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20040210084229.A7903@openminds.be>
Date: Tue, 10 Feb 2004 08:42:29 +0100
From: Frank Louwers <frank@...nminds.be>
To: bugtraq@...urityfocus.com
Subject: Re: Samba 3.x + kernel 2.6.x local root vulnerability

On Mon, Feb 09, 2004 at 02:03:47PM -0800, Seth Arnold wrote:
> On Mon, Feb 09, 2004 at 10:23:03PM +0100, Michal Medvecky wrote:
> 
> I haven't got a clue what you're trying to accomplish. If you don't want
> a setuid execute, DON'T RUN chmod +s! You don't even need samba to
> accomplish this:
> 
> 
> I expect this behaviour out of every Linux, BSD, commercial Unix,
> Windows NT with POSIX emulation, QNX, etc. 
> 
> Can you please explain what specifically bothers you?

I think his point is this:

Image you have a user account luser on box foo. You do not have root on
foo. However, you do have root on box bar. If you are allowed to
smbmount stuff on foo as user luser, (which is a BadThing(tm), but
default behaviour on some systems as it seems), and you smbmount a share
on bar, and use that suid shell, you actually have root control on foo!



Kind Regards,
Frank Louwers

-- 
Openminds bvba                www.openminds.be
Tweebruggenstraat 16  -  9000 Gent  -  Belgium

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ